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Abstract 

The A-calculus is considered an useful mathematical tool in the study of programming 
languages, since programs can be identified with A-terms. However, if one goes further and 
uses ^-conversion to prove equivalence of programs, then a gross simplification is introduced 
(programs are identified with total functions from values to values) , that may jeopardise the 
applicability of theoretical results. In this paper we introduce calculi based on a categorical 
semantics for computations, that provide a correct basis for proving equivalence of programs, 
for a wide range of notions of computation. 

Introduction 

This paper is about logics for reasoning about programs, in particular for proving equivalence of 
programs. Following a consolidated tradition in theoretical computer science we identify programs 
with the closed A-terms, possibly containing extra constants, corresponding to some features of 
the programming language under consideration. There are three semantic-based approaches to 
proving equivalence of programs: 

• The operational approach starts from an operational semantics, e.g. a partial function 
mapping every program (i.e. closed term) to its resulting value (if any), which induces a 
congruence relation on open terms called operational equivalence (see e.g. [Plo75]). Then 
the problem is to prove that two terms are operationally equivalent. 

• The denotational approach gives an interpretation of the (programming) language in a 
mathematical structure, the intended model. Then the problem is to prove that two terms 
denote the same object in the intended model. 

• The logical approach gives a class of possible models for the (programming) language. 
Then the problem is to prove that two terms denotes the same object in all possible models. 

The operational and denotational approaches give only a theory: the operational equivalence ss 
or the set Th of formulas valid in the intended model respectively. On the other hand, the logical 
approach gives a consequence relation h, namely Ax h A iff the formula A is true in all models 
of the set of formulas Ax, which can deal with different programming languages (e.g. functional, 
imperative, non-deterministic) in a rather uniform way, by simply changing the set of axioms 
Ax, and possibly extending the language with new constants. Moreover, the relation h is often 
semidecidable, so it is possible to give a sound and complete formal system for it, while Th and w 
arc semidecidable only in oversimplified cases. 

We do not take as a starting point for proving equivalence of programs the theory of (5r\- 
conversion, which identifies the denotation of a program (procedure) of type A — > B with a 
total function from A to B, since this identification wipes out completely behaviours like non- 
termination, non-determinism or side-effects, that can be exhibited by real programs. Instead, we 
proceed as follows: 

1. We take category theory as a general theory of functions and develop on top a categorical 
semantics of computations based on monads. 
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2. We consider simple formal systems matching the categorical semantics of computation. 

3. We extend stepwise categorical semantics and formal system in order to interpret richer 
languages, in particular the A-calculus. 

4. We show that w.l.o.g. one may consider only (monads over) toposes, and we exploit this fact 
to establish conservative extension results. 

The methodology outlined above is inspired by [SC08O] 1 , and it is followed in [Ros86, Mog86] to 
obtain the A p -calculus. The view that "category theory comes, logically, before the A-calculus" led 
us to consider a categorical semantics of computations first, rather than to modify directly the 
rules of ^-conversion to get a correct calculus. 

Related work 

The operational approach to find correct A-calculi w.r.t. an operational equivalence, was first 
considered in [Plo75] for call- by- value and call- by-name operational equivalence. This approach 
was later extended, following a similar methodology, to consider other features of computations like 
nondeterminism (see [Sha84]), side-effects and continuations (see [FFKD86, FF89]). The calculi 
based only on operational considerations, like the A v -calculus, are sound and complete w.r.t. the 
operational semantics, i.e. a program M has a value according to the operational semantics iff it 
is provably equivalent to a value (not necessarily the same) in the calculus, but they are too weak 
for proving equivalences of programs. 

Previous work on axiom systems for proving equivalence of programs with side effects has 
shown the importance of the fei-constructor (see [Mas88, MT89a, MT89b] ) . In the framework of 
the computational lambda-calculus the importance of let becomes even more apparent. 

The dcnotational approach may suggest important principles, e.g. fix-point induction (see 
[Sco69, GMW79]), that can be found only after developing a semantics based on mathematical 
structures rather than term models, but it docs not give clear criteria to single out the general 
principles among the properties satisfied by the model. Moreover, the theory at the heart of De- 
notational Semantics, i.e. Domain Theory (see [GS89, Mos89]), has focused on the mathematical 
structures for giving semantics to recursive definitions of types and functions (see [SP82]), while 
other structures, that might be relevant to a better understanding of programming languages, have 
been overlooked. This paper identify one of such structures, i.e. monads, but probably there are 
others just waiting to be discovered. 

The categorical semantic of computations presented in this paper has been strongly influenced 
by the reformulation of Denotational Semantics based on the category of epos, possibly without 
bottom, and partial continuous functions (see [Plo85]) and the work on categories of partial mor- 
phisms in [Ros86, Mog86]. Our work generalises the categorical account of partiality to other 
notions of computations, indeed partial cartesian closed categories turn out to be a special case of 
X c -models (see Definition 3.9). 

A type theoretic approach to partial functions and computations is proposed in [CS87, CS88] 
by introducing a type-constructor A, whose intuitive meaning is the set of computations of type 
A. Our categorical semantics is based on a similar idea. Constable and Smith, however, do not 
adequately capture the general axioms for computations (as we do), since their notion of model, 
based on an untyped partial applicative structure, accounts only for partial computations. 

1 A categorical semantics of computations 

The basic idea behind the categorical semantics below is that, in order to interpret a programming 
language in a category C, we distinguish the object A of values (of type A) from the object TA of 



1 "I am trying to find out where A-calculus should come from, and the fact that the notion of a cartesian closed 
category is a late developing one (Eilenberg & Kelly (1966)), is not relevant to the argument: I shall try to explain 
in my own words in the next section why we should look to it first" . 
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computations (of type A) , and take as denotations of programs (of type A) the elements of T A. 
In particular, we identify the type A with the object of values (of type A) and obtain the object 
of computations (of type A) by applying an unary type-constructor T to A. We call T a notion 
of computation, since it abstracts away from the type of values computations may produce. There 
are many choices for TA corresponding to different notions of computations. 

Example 1.1 We give few notions of computation in the category of sets. 

• partiality TA = A± (i.e. A + {_L}), where _L is the diverging computation 

• nondeterminism TA = Vfi n (A) 

• side-effects TA = (A x S) , where S is a set of states, e.g. a set U L of stores or a set of 
input/output sequences U* 

• exceptions TA = (A + E) , where E is the set of exceptions 

• continuations TA = R( rA \ where R is the set of results 

• interactive input TA = (fJ.'f.A + j u ), where U is the set of characters. 

More explicitly TA is the set of [/-branching trees with finite branches and A- labelled leaves 

• interactive output TA = {fJL")-A + (U x 7)). 
More explicitly TA is (isomorphic to) U* x A. 

Further examples (in a category of epos) could be given based on the denotational semantics for 
various programming languages (see [Sch86, GS89, Mos89]). 

Rather than focusing on a specific T, we want to find the general properties common to all notions 
of computation, therefore we impose as only requirement that programs should form a category. 
The aim of this section is to convince the reader, with a sequence of informal argumentations, that 
such a requirement amounts to say that T is part of a Klcisli triple (T, 77, _*) and that the category 
of programs is the Klcisli category for such a triple. 

Definition 1.2 ([Man76]) A Kleisli triple over a category C is a triple (T, 77, _*), where T: Obj(C) 
Obj(C), n A : A —> TA for A e Obj(C), f*:TA — > TB for f: A->TB and the following equations 
hold: 

• 1]*A = ' ld TA 

• Va', f * = f for f: A — > TB 

• f*-,9* = (/; 9*)* for f: A^TB and g: B -> TC. 

A Kleisli triple satisfies the mono requirement provided t]a is mono for A e C. 

Intuitively t/a is the inclusion of values into computations (in several cases n A is indeed a mono) and 
/* is the extension of a function / from values to computations to a function from computations 
to computations, which first evaluates a computation and then applies / to the resulting value. In 
summary 

a: A A [a] : TA 

a: A 1 ~> f{a):TB 

c:TA (letx<=cmf(x)):TB 

In order to justify the axioms for a Klcisli triple we have first to introduce a category Ct whose 
morphisms correspond to programs. We proceed by analogy with the categorical semantics for 
terms, where types are interpreted by objects and terms of type B with a parameter (free variable) 
of type A are interpreted by morphisms from A to B. Since the denotation of programs of type B 
are supposed to be elements of TB, programs of type B with a parameter of type A ought to be 
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interpreted by morphisms with codomain TB, but for their domain there arc two alternatives, cither 
A or TA, depending on whether parameters of type A are identified with values or computations 
of type A. We choose the first alternative, because it entails the second. Indeed computations 
of type A are the same as values of type TA. So we take Ct(A,B) to be C(A,TB). It remains 
to define composition and identities in Ct (and show that they satisfy the unit and associativity 
axioms for categories). 

Definition 1.3 Given a Kleisli triple (T, r\, _*) over C, the Kleisli category Ct is defined as 
follows: 

• the objects of Ct are those of C 

• the set Ct(A,B) of morphisms from A to B in Ct is C(A,TB) 

• the identity on A in Ct is r\A'- A — » TA 

• f € C T (A, B) followed by g e C T (B, C) in C T is f; g*:A -> TC. 

It is natural to take X]a as the identity on A in the category Ct, since it maps a parameter x to [x], 
i.e. to x viewed as a computation. Similarly composition in Ct has a simple explanation in terms 
of the intuitive meaning of /* , in fact 

x:AJ-^ f(x):TB y: B g(y):TC 
x:A^(let y<t=f(x)mg(y)):TC 

i.e. / followed by g in Ct with parameter x is the program which first evaluates the program 
f{x) and then feed the resulting value as parameter to g. At this point we can give also a simple 
justification for the three axioms of Kleisli triples, namely they are equivalent to the unit and 
associativity axioms for Ct- 

• /;»& = / for /: A - TB 

• tja; f * = f for /: A — > TB 

• (/; 9*); h* = /; (g; h*)* for /: A - TB, g: B - TC and h: C - TD. 

Example 1.4 We go through the notions of computation given in Example 1.1 and show that they 
are indeed part of suitable Kleisli triples. 

• partiality TA = A±(= A + {_L}) 
r\A is the inclusion of A into A± 

if /: A TB, then /*(_L) = _L and f*(a) = f(a) (when a e A) 

• nondeterminism TA = Vfi n (A) 
7]a is the singleton map a {a} 

if /: A — > TB and c e TA, then /*(c) = U a;ec /(x) 

• side-effects T4 = (4xS) s 
t]a is the map a 1— » (As: 5. (a, s)) 

if /: A -> TB and c e TA, then /*(c) = As: S.(let (a, s') = c(s) in /(a)(s')) 

• exceptions TA = (A + E) 

tja is the injection map a 1— > inl(a) 

if /: A -» TB, then f (inr(e)) = e (when e e E) and /*(inl(a)) = /(a) (when a e A) 

• continuations TA = B^ ) 

is the map a (Afc: R A .k(a)) 
if /: A — > TB and c e TA, then /*(c) = (Afc: R B .c(Xa: A./(a)(fc))) 
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• interactive input TA — (/17.A + j u ) 

r)A maps a to the tree consisting only of one leaf labelled with a 

if /: A — ► TB and c <G TA, then /*(c) is the tree obtained by replacing leaves of c labelled 
by a with the tree /(a) 

• interactive output TA = (n'y.A + (U x 7)) 
i]A is the map a (e, a) 

if /: A — > TS, then f*((s, a)) = (s* s', 6), where /(a) = (s', 6) and s * s' is the concatenation 
of s followed by s'. 

Klcisli triples are just an alternative description for monads. Although the formers are easy 
to justify from a computational perspective, the latters are more widely used in the literature on 
Category Theory and have the advantage of being defined only in terms of funtors and natural 
transformations, which make them more suitable for abstract manipulation. 

Definition 1.5 ([Mac71]) A monad over a category C is a triple (T,r),[i), where T:C — > C is 
a functor, n: Idc — * T and p.T T are natural transformations and the following diagrams 
commute: 




Proposition 1.6 ([Man76]) There is a one-one correspondence between Kleisli triples and mon- 
ads. 

Proof Given a Klcisli triple (T, 77, _*), the corresponding monad is (T, 77, /j), where T is the extension 
of the function T to an cndofunctor by taking T(f) = (/;j?b)* for f:A^B and [ia — id^A- 
Conversely, given a monad (T,r],fi), the corresponding Kleisli triple is (T, 77, _*), where T is the 
restriction of the functor T to objects and /* = (Tf); \xb for /: A — ► TB. | 

Remark 1.7 In general the categorical semantics of partial maps, based on a category C equipped 
with a dominion M. (see [Ros86]), cannot be reformulated in terms of a Klcisli triple over C 
satisfying some additional properties, unless C has lifting, i.e. the inclusion functor from C into the 
category of partial maps P(C, M) has a right adjoint _j_ characterised by the natural isomorphism 

C(A,B ± )=P(C,M)(A,B) 
This mismatch disappears when considering partial cartesian closed categories. 



2 Simple languages for monads 

In this section we consider two formal systems motivated by different objectives: reasoning about 
programming languages and reasoning about programs in a fixed programming language. When 
reasoning about programming languages one has different monads (for simplicity we assume that 
they are over the same category), one for each programming language, and the main aim is to 
study how they relate to each other. So it is natural to base a formal system on a metalanguage 
for a category and treat monads as unary type-constructors. When reasoning about programs one 
has only one monad, because the programming language is fixed, and the main aim is to prove 
properties of programs. In this case the obvious choice for the term language is the programming 
language itself, which is more naturally interpreted in the Kleisli category. 
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Remark 2.1 We regard the metalanguage as more fundamental. In fact, its models are more 
general, as they don't have to satisfy the mono requirement, and the interpretation of programs (of 
some given programming language) can be defined simply by translation into (a suitable extension 
of) the metalanguage. It should be pointed out that the mono requirement cannot be axiomatised 
in the metalanguage, as we would need conditional equations [x]t = [v]t - * % = V, and that 
existence assertions cannot be translated into formulas of the metalanguage, as we would need 
existcntially quantified formulas (e [ a ) = (3!x: <J.e° = [x]t) 2 ■ 

In Section 2.3 we will explain once for all the correspondence between theories of a simple 
programming language and categories with a monad satisfying the mono requirement. For other 
programming languages we will give only their translation in a suitable extension of the metalan- 
guage. In this way, issues like call-by-value versus call-by-name affect the translation, but not the 
metalanguage. 

In Categorical Logic it is common practice to identify a theory T with a category T{T) with 
additional structure such that there is a one-one correspondence between models of T in a category 
C with additional structure and structure preserving functors from T(T) to C (see [KR77]) 3 . This 
identification was originally proposed by Lawvere, who also showed that algebraic theories can be 
viewed as categories with finite products. 

In Section 2.2 we give a class of theories that can be viewed as categories with a monad, so that 
any category with a monad is, up to equivalence (of categories with a monad), one of such theories. 
Such a reformulation in terms of theories is more suitable for formal manipulation and more 
appealing to those unfamiliar with Category Theory However, there are other advantages in having 
an alternative presentation of monads. For instance, natural extensions of the syntax may suggest 
extensions of the categorical structure that may not be immediate to motivate and justify otherwise 
(we will exploit this in Section 3). In Section 2.3 we take a programming language perspective 
and establish a correspondence between theories (with equivalence and existence assertions) for a 
simple programming language and categories with a monad satisfying the mono requirement, i.e. 
t\a mono for every A. 

As starting point we take many sorted monadic equational logic, because it is more primitive 
than many sorted equational logic, indeed monadic theories are equivalent to categories without 
any additional structure. 



2.1 Many sorted monadic equational logic 

The language and formal system of many sorted monadic equational logic are parametric in a 
signature, i.e. a set of base types A and unary function symbols f: Ai — > A 2 . The language is made 
of types h A type, terms x: Ai h e: A 2 and equations x: Ai h e\ —a 2 e 2 defined by the following 
formation rules: 



■ — A base type 

h A type JL 



h A type 



var — n T 



f " A h h ; i: w f ; Ai — > A 2 
x:A\- f(ei): A 2 



eq 



x 



■:Aihei:A 2 cc:Aihe 2 :A 2 



x: 



■■ Ai h ei =a 2 e 2 



2 Thc uniqueness of x s.t. e° = [x]t follows from the mono requirement. 

3 In [LS86] a stronger relation is sought between theories and categories with additional structure, namely an 
equivalence between the category of theories and translations and the category of small categories with additional 
structure and structure preserving functors. In the case of typed A-calculus, for instance, such an equivalence 
between A-theories and cartesian closed categories requires a modification in the definition of A-theory, which allows 
not only equations between A-terms but also equations between type expressions. 



G 





O i IN 1 A A 


QTTA/T A NTTP1 


A 








h A type 


= [AI 


var 


h A type 


= C 




x:A\-x:A 


= id c 


f:Ai -> A 2 


x:A\- ei: Ai 


= 5 




i:Ah f(ei): A 2 


= 9; PI 


eq 


a;: Ai h e\: A 2 
a;: Ai h e 2 : A 2 


= 5i 

= 52 




a;: Ai h d =a 2 e 2 


.91 = 52 



Table 1 : Interpretation of Many Sorted Monadic Equational Language 

Remark 2.2 Terms of (many sorted) monadic equational logic have exactly one free variable (the 
one declared in the context) which occurs exactly once, and equations are between terms with the 
same free variable. 

An interpretation [_] of the language in a category C is parametric in an interpretation of the 
symbols in the signature and is defined by induction on the derivation of well-formedness for 
(types,) terms and equations (see Table 1) according to the following general pattern: 

• the interpretation [A] of a base type A is an object of C 

• the interpretation [f] of an unary function f: Ai — > A 2 is a morphism from [Ai] to [A 2 ] in 
C; similarly for the interpretation of a term x: Ai h e: A 2 

• the interpretation of an assertion x: A h 0 (in this case just an equation) is either true or 
false. 

Remark 2.3 The interpretation of equations is standard. However, if one want to consider more 
complex assertions, e.g. formulas of first order logic, then they should be interpreted by subobjects; 
in particular equality _ — _: A should be interpreted by the diagonal A j A j . 

The formal consequence relation on the set of equations is generated by the inference rules for 
equivalences ((refl), (simm) and (trans)), congruence and substitutivity (see Table 2). This formal 
consequence relation is sound and complete w.r.t. interpretation of the language in categories, i.e. 
an equation is formally derivable from a set of equational axioms if and only if all the interpretations 
satisfying the axioms satisfy the equation. Soundness follows from the admissibility of the inference 
rules in any interpretation, while completeness follows from the fact that any theory T (i.e. a set 
of equations closed w.r.t. the inference rules) is the set of equations satisfied by the canonical 
interpretation in the category T{T), i.e. T viewed as a category. 

Definition 2.4 Given a monadic equational theory T , the category T(T) is defined as follows: 

• objects are (base) types A, 

• morphisms from Ai to A 2 are equivalence classes [x: Ai h e:A 2 ] r of terms w.r.t. the equiv- 
alence relation induced by the theory T, i.e. 

(x: Ai h ei: A 2 ) = (x: Ai h e 2 : A 2 ) (x: Ai h e\ =a 2 e 2 ) G T 



7 



„ x:Ahe:Ai 
rcfi 



symm 
trans 



x: A h e =Aj e 
x: A h ei = Al e 2 



i:Ahe 2 =Ai ei 

x: A h ei =Aj e 2 x: A h e 2 =Ai e 3 
x: A h e 2 =Ai e 3 



x: A h ei = Al e 2 

congr — — — — — f:Ai 

x: A h f(ei) =a 2 f(e 2 ) 

x: A h e: Ai x: Ai h 0 
subst — 



x: A h [e/x]<j> 

Table 2: Inference Rules of Many Sorted Monadic Equational Logic 



• composition is substitution, i.e. 

[x: Ai h ei: A 2 ] T ; [x: A 2 h e 2 : A 3 ] r = [x: Ai h [ei/x]e 2 : A 3 ] r 



• identity over A is [x: A h x: A] T . 

There is also a correspondence in the opposite direction, namely every category C (with additional 
structure) can be viewed as a theory Tq (i.e. the theory of C over the language for C), so that C and 
T(Tc) are equivalent as categories (with additional structure). Actually, in the case of monadic 
equational theories and categories, C and T{Jc) are isomorphic. 

In the sequel we consider other equational theories. They can be viewed as categories in the 
same way described above for monadic theories; moreover, these categories are equipped with 
additional structure, depending on the specific nature of the theories under consideration. 



2.2 The Simple metalanguage 

We extend many sorted monadic equational logic to match categories equipped with a monad (or 
equivalently a Klcisli triple). Although we consider only one monad, it is conceptually straightfor- 
ward to have several monads at once. 

The first step is to extend the language. This could be done in several ways without affecting 
the correspondence between theories and monads, we choose a presentation inspired by Kleisli 
triples, more specifically we introduce an unary type-constructor T and the two term-constructors, 
[_] and let, used informally in Section 1. The definition of signature is slightly modified, since the 
domain and codomain of an unary function symbol f: n — > r 2 can be any type, not just base types 
(the fact is that in many sorted monadic logic the only types are base types). An interpretation 
[_] of the language in a category C with a Klcisli triple (T, rj, _*) is parametric in an interpretation 
of the symbols in the signature and is defined by induction on the derivation of well-formedness 
for types, terms and equations (see Table 3). Finally we add to many sorted monadic equational 
logic appropriate inference rules capturing axiomatically the properties of the new type- and term- 
constructors after interpretation (see Table 4). 

Proposition 2.5 Every theory T of the simple metalanguage, viewed as a category T(T), is 
equipped with a Kleisli triple (T,r),_*): 

• T(t) = Tt, 

• r) T = [i:rh ml [x] t :Tt] t , 

• ([x:ti h mi e:TT 2 ] T )* = \x':Tt x h ml (let T x<=x' in e): Tr 2 ] r . 
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RULE 


SYNTAX 




SEMANTICS 


A 










h TO ; A type 




[A] 


T 


^mi t type 


= 


c 




^mi Tt type 




Tc 


var 


l~m« t type 


= 


c 




X: t h mi x: r 




id c 


f : n — ► r 2 


x:t \- m i ei:n 


= 


9 




x: t \- m i f(ei): t 2 




9-, M 


[-]t 


a;: t \- m i e: r' 








[e] T :Tr' 


= 




let 


x: t \- m i e\\Tr\ 
x\\t\ \- m i e 2 :TT 2 


= 


ffi 
32 




x: t \- m i (letr Xi<=ei in e 2 ): Tr 2 


= 


51; 9*2 


eq 


a;: n h m( ei:r 2 
a;: ri \- m i e 2 : t 2 




91 
92 




a;: n h mi ei = T2 e 2 




91 = 92 



Table 3: Interpretation of the Simple Metalanguage 



j j ^ r h m ; ei =^ e 2 

x:r h m( [ei] T =t Ti Nt 

, , . a?: t h m( ei =m e 2 x': n h m( e' x = Tr2 e 2 
let. 4 



ass 
T./3 
T.r, 



a;: t h m ; (letr x'<=ei in e^) =rr 2 (letr x'4=e 2 in e 2 ) 

a;: r h mi ei: Tn xi: n V m i e 2 : Tr 2 x 2 : t 2 h m ; e 3 : Tr 3 

a;: t \- m i (lety x 2 <=(letT xi<=ei in e 2 ) in e 3 ) =tt 3 (lety X\<=ei in (letr x 2 <^e 2 in e 3 )) 

x: t h m ; ei: n xi: n h m ; e 2 : Tt 2 
x:rh m; (lct T xi^[ei] T ine 2 ) = Tt2 [ei/xi]e 2 

x:t \- m i ei-.Trx 

x: t h mi (let T xi<=ei in [xi] T ) =Tn ei 

Table 4: Inference Rules of the Simple Metalanguage 
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Proof We have to show that the three axioms for Klcisli triples are valid. The validity of each 
axiom amounts to the derivability of an equation. For instance, n* = id^r is valid provided 
x':Tt \- m i (letr x^x' in [x]t) —Tt x' is derivable, indeed it follows from (T.rj). The reader can 
check that the equations corresponding to the axioms rj T ; f* = f and f*;g* — {f;g*)* follow from 
(T./3) and (ass) respectively. I 



2.3 A Simple Programming Language 

In this section we take a programming language perspective by introducing a simple programming 
language, whose terms are interpreted by morphisms of the Kleisli category for a monad. Unlike 
the metalanguage of Section 2.2, the programming language does not allow to consider more than 
one monad at once. 

The interpretation in the Klcisli category can also be given indirectly via a translation in the 
simple metalanguage of Section 2.2 mapping programs of type r into terms of type Tt. If we try to 
establish a correspondence between equational theories of the simple programming language and 
categories with one monad (as done for the metalanguage), then we run into problems, since there 
is no way (in general) to recover C from Ct- What we do instead is to establish a correspondence 
between theories with equivalence and existence assertions and categories with one monad satisfying 
the mono requirement, i.e. tja is mono for every object A (note that i]ta is always a mono, because 
r/TA] A* A = idivi)- The intended extension of the existence predicate on computations of type A is 
the set of computations of the form [v] for some value v of type A, so it is natural to require t]a to 
be mono and interpret the existence predicate as the subobject corresponding to t]a- 

The simple programming language is parametric in a signature, i.e. a set of base types and 
unary command symbols. To stress that the interpretation is in Ct rather than C, we use unary 
command symbols p: n — 1 t 2 (instead of unary function symbols f : t\ — > r 2 ), we call x: n h p i e: r 2 
a program (instead of a term) and write _ = T _ (instead of _ =tt -) as equality of computations 
of type r. Given a category C with a Kleisli triple (T, rj, _*) satisfying the mono requirement, an 
interpretation [_] of the programming language is parametric in an interpretation of the symbols 
in the signature and is defined by induction on the derivation of well-formedness for types, terms 
and equations (sec Table 5) following the same pattern given for many sorted monadic equational 
logic, but with C replaced by Ct, namely: 

• the interpretation [r] of a (base) type r is an object of Ct, or equivalently an object of C 

• the interpretation [p] of an unary command p: t\ — t 2 is a morphism from [nj to [r 2 ] in 
Ct, or equivalently a morphism from [n] to T[r 2 ] in C; similarly for the interpretation of a 
program x: t\ h p ; e: t 2 

• the interpretation of an equivalence or existence assertion is a truth value. 



Remark 2.6 The let-constructor play a fundamental role: operationally it corresponds to sequen- 
tial evaluation of programs and categorically it corresponds to composition in the Kleisli category 
Ct (while substitution corresponds to composition in C). In the A v -calculus (let x<S=e in e') is treated 
as syntactic sugar for (Xx.e')e. We think that this is not the right way to proceed, because it ex- 
plains the let-constructor (i.e. sequential evaluation of programs) in terms of constructors available 
only in functional languages. On the other hand, (let x^e'me') cannot be treated as syntactic 
sugar for [e/x]e' (involving only the more primitive substitution) without collapsing computations 
to values. 

The existence predicate e J, is inspired by the logic of partial terms/elements (see [Fou77, Sco79, 
Mog88]); however, there are important differences, e.g. 

x'. t \~pi p(e) l T2 

strict ; — : p: Tl T 2 

X. T \ pi 6 \.ti 

is admissible for partial computations, but not in general. For certain notions of computation there 
may be other predicates on computations worth considering, or the existence predicate itself may 
have a more specialised meaning, for instance: 
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RULE 


SYNTAX 




SEMANTICS 


A 
A 










\- p i A type 


= 


[A] 


T 


\~ P i t type 




c 




\- p l Tt type 


= 


Tc 


var 


i^pi t type 




c 




x: t \- p i x: t 


= 




p: Ti r 2 


x: t \- p i e\\T\ 








x:t \- p i p(ei):r 2 


= 


<?;[p]* 


r 1 
[-J 


x: t \- p i e: t' 


= 


9 




x. t t-pi [e\. It 




g; vtit'j 


M 


x: t r p i e: Tt 
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x:t \- p i M(e):r' 


= 


g; Mjr'i 


let 


x: t \- p i ei'.Ti 
XV n \- p i e 2 : r 2 


= 






x'.rhpi (let x\^=e\ in e 2 ): r 2 






eq 


a;: n h p; ei: t 2 
x: ri h p ; e 2 : t 2 




gi 




a;: n h p ; ei = T2 e 2 




.91 = .92 


ex 


x: ti h pi e: r 2 




g 




x: ri h^ e | T2 




3\h: [ri] -» [t 2 ] s.t. g = h;rj lr2 j 



Table 5: Interpretation of the Simple Programming Language 



11 



X. T \pl 6 — Tl 6 

x: t l-pj ei = Tl e 2 



symm 



trans 



x: r h pi e 2 = Tl ei 

x: t e\ = Tl e 2 x: r h p ; e 2 = Tl e 3 
x: t \- p i e 2 = Tl e 3 



x: t h p ; ei = Tl e 2 
congr ^— — p: n r 2 

x:r h p ; p(ei) = T2 p(e 2 ) 

E.x hpiTtyPe 



E. congr 



X. T \~pl X l r 

x: t hp; ei = Tl e 2 x: r h p ; ei | Tl 



x: t \- p i e 2 I 



su bst — T ^ 6 X: Tl ^ 



x: t hp; [e/x]0 

Tabic 6: General Inference Rules 



• a partial computation exists iff it terminates; 

• a non-deterministic computation exists iff it gives exactly one result; 

• a computation with side-effects exists iff it does not change the store. 

Programs can be translated into terms of the metalanguage via a translation _° s.t. for every well- 
formed program x: t\ \~ v i e: r 2 the term x: n \- m i e°:Tr 2 is well- formed and \x:t\ h p ; e: r 2 ] = 
[x: ri h m ; e° : Tr 2 ] (the proof of these properties is left to the reader) . 

Definition 2.7 Given a signature £ for the programming language, let S° be the signature for the 
metalanguage with the same base types and a function p: t\ — > Tr 2 for each command p: t\ — 1 t 2 
in S. T/ie translation _° /rom programs over £ £o £erms ewer S° is defined by induction on raw 
programs: 

• x° = [x] T 

• (let xi-^ei in e 2 )° = (letr Xi<S=ei° in e 2 °) 

• p(ei)° = (let-r x<=ei° inp(x)) 

• N° i [e°] r 

• n(e)° = (letr x-^e° inx) 

The inference rules for deriving equivalence and existence assertions of the simple programming 
language can be partitioned as follows: 

• general rules (see Table 6) for terms denoting computations, but with variables ranging over 
values; these rules replace those of Table 2 for many sorted monadic equational logic 

• rules capturing the properties of type- and term-constructors (see Table 7) after interpretation 
of the programming language; these rules replace the additional rules for the metalanguage 
given in Table 4. 
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r , f x: t \- p i ei = Tl e 2 
x: t \- p i [ei] =tti [e2] 

x: t \- p i [ei] Im 



a:: r h p ; ei =T n e 2 

a; 



^ i:Th p i /Li(ei) = ri /u(e 2 ) 
x:t h pi ei:ri 



x:t h /x([ei]) = ri ei 

x: t \- p i ei 4m 
x:r h [/x(ei)J =t Ti ei 

let ^ x: r hp; ei = Tl e 2 x': ti h p ; e[ = T2 e' 2 
x: t hpj (let x'-^ei in e^) = T2 (let x'-^e 2 in e 2 ) 

x:t \- p i ef.Ti 
unit ■ : 

x: t \- p i (let xi<=a mil) =n ei 

x:t \- p i er.n xi: n h p ; e 2 : r 2 x 2 : t 2 h p ; e 3 : r 3 

g^gg £1 £1 £1 

x: t h p ; (let x 2 4=(let xi<^ei in e 2 ) in 63) = T3 (let x\<=e\ in (let x 2 4=e 2 ine3)) 
let /? X: T 61 Xi: Tl 62 : T2 



xirhpj (let a;i^=ei ine 2 ) = T2 [ei/xi]e 2 
x:r hp; ei:ri 

let.p -— -— — — : — rr p: ti r 2 

x:rhp; p(ei) = Tl (let xi<=ei mp(xi)) 

Table 7: Inference Rules of the Simple Programming Language 
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Soundness and completeness of the formal consequence relation w.r.t. interpretation of the 
simple programming language in categories with a monad satisfying the mono requirement is 
established in the usual way (see Section 2.1). The only step which differs is how to view a theory 
T of the simple programming language (i.e. a set of equivalence and existence assertions closed 
w.r.t. the inference rules) as a category T{T) with the required structure. 

Definition 2.8 Given a theory T of the simple programming language, the category !F(T) is de- 
fined as follows: 

• objects are types t, 

• morphisms from t\ to r 2 are equivalence classes [x: T\ h p ; e: t 2 ] t of existing programs x: t\ h p ; 
e | r2 € T w.r.t. the equivalence relation induced by the theory T, i.e. 

(x: n h p; e\\ r 2 ) = (x: n h p ; e 2 : r 2 ) <J=> (x: n h p ; e\ = T2 e 2 ) G T 



• composition is substitution, i.e. 

[x:ti \- p i ei:r 2 ] T ; [x:t 2 h p ; e 2 :r 3 ] r = [x:t\ h p ; [e 1 /x]e 2 : t 3 ] t 

• identity over t is [x: t \- p i x: r] r . 

In order for composition in T(T) to be well-defined, it is essential to consider only equivalence 
classes of existing programs, since the simple programming language satisfies only a restricted form 
of substitutivity. 

Proposition 2.9 Every theory T of the simple programming language, viewed as a category !F(T) , 
is equipped with a Kleisli triple (T, r], _*) satisfying the mono requirement: 

• T(t) - Tt, 

• i] r = [x:t\- p i [x]:Tt] t , 

• ([x:ti \- p i e:Tr 2 ] r )* = [x':Tt\ \- p i [(let x<=n(x') in n{e))]: Tt 2 ] t . 

Proof We have to show that the three axioms for Kleisli triples are valid. The validity of each axiom 
amounts to the derivability of an existence and equivalence assertion. For instance, n* = idj> is 
valid provided x':Tt h p ; x' [tt and x':Tt \- p i [(let x^fi{x') in /i([x]))] =tt x' are derivable. The 
existence assertion follows immediately from (E.x), while the equivalence is derived as follows: 

• x':Tt\~ p i [(let x<=fi(x') m(i([x]))] =tt [(let x<=(i(x') inx)] 

by (fji.0), (refl) and (let.£) 

• x':Tt\- p i [(let x<=fi(x') inx)] =t t [m( x ')] by (unit) and (let.^) 

• x':Tt hp/ [mOO] =Tt x' by (E.x) and (n-rj) 

• x':Tt\- p i [(let x<=n(x') in /i([x]))] =tt x' by (trans). 

We leave to the reader the derivation of the existence and equivalence assertions corresponding 
to the other axioms for Kleisli triples, and prove instead the mono requirement i.e. that f\\r\ T = 
f 2 \r\ T implies fx = / 2 . Let fa be [x:t' \- p i ei-.r] T , we have to derive x:t' h p ; ei = T e 2 from 
x:t' hp; [ei] =tt [e 2 ] (and x:t' h p/ e { J. r ) : 

• x:t' h p ; /i([ei]) = T /x([e 2 ]) by the first assumption and 

• x: t' h p ; n{[ei]) = T e, by ((1.(3) 

• x: t' h p ; ei = T e 2 by (trans). 
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Remark 2.10 One can show that the canonical interpretation of a program x: T\ \- p i e: r 2 in the 
category T{T) is the morphism [x:t\ \- p i [e]:Tr 2 ] r . This interpretation establishes a one-one 
correspondence between morphisms from t\ to Tt 2 in the category T{T), i.e. morphisms from t± 
to r 2 in the Klcisli category, and equivalence classes of programs x: n h p ; e: r 2 (not necessarely 
existing). The inverse correspondence maps a morphism [x: t\ \- p i e': Tt 2]^- to the equivalence class 
of x: n h p ; /i(e'): r 2 . Indeed, x: n h p ; e = T2 /u([e]) and x: n e' = T2 [t*(e')] are derivable provided 
x:ti h p( e' | Tr2 . 

3 Extending the simple metalanguage 

So far we have considered only languages and formal systems for monadic terms x: t\ h e: r 2 , having 
exactly one free variable (occurring once). In this section we want to extend these languages (and 
formal systems) by allowing algebraic terms x\: ti, . . . , x n : t„ h e: r, having a finite number of free 
variables (occurring finitely many times) and investigate how this affects the interpretation and 
the structure on theories viewed as categories. For convenience in relating theories and categories 
with additional structure, we also allow types to be closed w.r.t. finite products 4 , in particular 
a typing context x\ \ ti, . . . , x n : t„ can be identified with a type. In general, the interpretation of 
an algebraic term x\\ n, . . . , x n : r„ h e: r in a category (with finite products) is a morphism from 
([ri]x...x[r„l)to[r]. 

The extension of monadic equational logic to algebraic terms is equational logic, whose theories 
correspond to categories with finite products. We will introduce the metalanguage, i.e. the ex- 
tension of the simple metalanguage described in Section 2.2 to algebraic terms, and show that its 
theories correspond to categories with finite products and a strong monad, i.e. a monad and a natu- 
ral transformation tA,B- A x TB — > T(A x B). Intuitively tA,B transforms a pair value-computation 
into a computation of a pair of values, as follows 

a:A,c:TB (let y<=c'm [(a, y)]):T(A x B) 

Remark 3.1 To understand why a category with finite products and a monad is not enough to 
interpret the metalanguage (and where the natural transformation t is needed) , one has to look at 
the interpretation of a let-expression 

r \- ml g: Tn T, x: t\ h m ; e 2 : Tr 2 
T \- m i (lct T x^ei in e 2 ): Tr 2 

where T is a typing context. Let g\\ c — ► Tci and (; 2 : c x c\ — > Tc 2 be the interpretations of T h m ; 
e\:TT\ and T,x:ti h m ; e 2 :Tr 2 respectively, where c is the interpretation of the typing context T 
and Ci is the interpretation of the type n, then the interpretation of T h m ; (letr x<^ei in e 2 ): Tt 2 
ought to be a morphism g:c — > Tc 2 . If (T, 77, /x) is the identity monad, i.e. T is the identity 
functor over C and 77 and ii are the identity natural transformation over T, then computations get 
identified with values. In this case (letr x-^ei in e 2 ) can be replaced by [ei/x]e 2 , so 5 is simply 
(id c , gi);g 2 :c — > c 2 . In the general case Table 3 suggests that _; _ above is indeed composition in 
the Kleisli category, therefore (id c , .91); ,92 should be replaced by (id c , gi); g 2 * ■ But in (id c , gi); ,92* 
there is a type mismatch, since the codomain of (id c , is c x Tc\, while the domain of Tgi is 
T(c x ci). The natural transformation tA,B- A x TB — > T(A x i3) mediates between these two 
objects, so that g can be defined as (id c , <?i); t CjCl ; g 2 *. 



4 If the metalanguage does not have finite products, we conjecture that its theories would no longer correspond to 
categories with finite products and a strong monad (even by taking as objects contexts and/or the Karoubi envelope, 
used in [Sco80] to associate a cartesian closed category to an untyped A-theory), but instead to multicategories with 
a Kleisli triple. We felt the greater generality (of not having products in the metalanguage) was not worth the 
mathematical complications. 
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Definition 3.2 A strong monad over a category C with (explicitly given) finite products is a 
monad (T,r],fi) together with a natural transformation t^,s from A x TB to T(A x B) s.t. 




1 x TA —> T(l x A) 



tAxB.C 

(Ax B)x TC ■ — > T((A xB)xC) 



OlA,B.TC 



Tcya.B ,C 

idA X t B ,C tA,BxC 

Ax(Bx TC) A x T(B x C) > T(A x (B x C)) 



Ax B 



id A x n B 



AxTB 
4\ 




-> T(A x B) 



l&A X [l B 



t^AxB 



tA,TB TtA.B 

A x T B > T(A x TB) > T 2 (A x B) 

where r and a are the natural isomorphisms 

r A :(lxA)^A , a A , B ,c- {A x B) x C -» A x (B x C) 

Remark 3.3 The diagrams above are taken from [Koc72], where a characterisation of strong mon- 
ads is given in terms of C-enriched categories (see [Kcl82]). Kock fixes a commutative monoidal 
closed category C (in particular a cartesian closed category), and in this setup he establishes a 
one-one correspondence between strengths st a. b'-B a — > (TB) TA and tensorial strengths tA,B' A® 
TB —> T(A ® B) for a endofunctor T over C (see Theorem 1.3 in [Koc72]). Intuitively a strength 
st a,b internalises the action of T on morphisms from A to B, and more precisely it makes (T, st) 
a C-enriched endofunctor on C enriched over itself (i.e. the hom-object C(A,B) is B A ). In this 
setting the diagrams of Definition 3.2 have the following meaning: 

• the first two diagrams are (1.7) and (1.8) in [Koc72], saying that t is a tensorial strength of 
T. So T can be made into a C-enriched endofunctor. 

• the last two diagrams say that n: Idc — > T and fi:T 2 T are C-enriched natural transfor- 
mations, where Idc, T and T 2 are enriched in the obvious way (see Remark 1.4 in [Koc72]). 

There is another purely categorical characterisation of strong monads, suggested to us by G. 
Plotkin, in terms of C-indexed categories (see [JP78]). Both characterisations are instances of a 
general methodological principle for studying programming languages (or logics) categorically (see 
[Mog89b]): 

when studying a complex language the 2-category Cat of small categories, functors and 
natural transformations may not be adequate; however, one may replace Cat with a 
different 2-category, whose objects captures better some fundamental structure of the 
language, while less fundamental structure can be modelled by 2-categorical concepts. 
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Monads are a 2-categorical concept, so we expect notions of computations for a complex language 
to be modelled by monads in a suitable 2-category. 

The first characterisation takes a commutative monoidal closed structure on C (used in [Laf88, 
See87] to model a fragment of linear logic), so that C can be enriched over itself. Then a strong 
monad over a cartesian closed category C is just a monad over C in the 2-category of C-enriched 
categories. 

The second characterisation takes a class T> of display maps over C (used in [HP87] to model 
dependent types), and defines a C-indcxed category C/v- Then a strong monad over a category 
C with finite products amounts to a monad over C/t>- in the 2-category of C-indexed categories, 
where T> is the class of first projections (corresponding to constant type dependency) . 

In general the natural transformation t has to be given explicitly as part of the additional 
structure. However, t is uniquely determined (but it may not exists) by T and the cartesian 
structure on C, when C has enough points. 

Proposition 3.4 (Uniqueness) If (T, r\, \i) is a monad over a category C with finite products and 
enough points (i.e. V/i: 1 — > A.h; f = h;g implies f = g for any f,g.A — > B), then (T,n,n,t) is 
a strong monad over C if and only if t^.s is the unique family of morphisms s.t. for all points 
a: 1 -> A and b: 1 -> TB 

(a,b);t A ,B = b;T((\ B ; a, id B )) 
where \b- B — > 1 is the unique morphism from B to the terminal object. 

Proof Note that there is at most one t^.s s.t. (a, b);tA,B = b; T((\b; a, ids)) for all points a: 1 — > A 
and b: 1 — > TB, because C has enough points. 

First we show that if (T, n, fj,, t) is a strong monad, then t^.s satisfies the equation above. By 
naturality of t and by the first diagram in Definition 3.2 the following diagram commutes 



(a,b) 



> AxTB 
A 



tA,B 



(idi, 6) 



> T(A x B) 
A 



a x idys 



1 x TB 



tl,B 



T(a x id B ) 



■> T(l x B) 




Tr B 

V 
TB 

Since rs is an isomorphism (with inverse (!s,ids)), then the two composite morphisms (a, b); t^.s 
and (idi, b); Ttb\ T^g 1 ); T(ax ids) from 1 to T(AxB) must coincide. But the second composition 
can be rewritten as b; T((\b; a, ids)). 

Second we have to show that if t is the unique family of morphisms satisfying the equation 
above, then (T, 77, jj,, t) is a strong monad. This amount to prove that t is a natural transformation 
and that the three diagrams in Definition 3.2 commute. The proof is a tedious diagram chasing, 
which relies on C having enough points. For instance, to prove that ti^; Tr A = tta it is enough 
to show that (idi, a); ti ; ^; TrA = (idi, a); rTA for all points a: 1 — > A. I 

Example 3.5 We go through the monads given in Example 1.4 and show that they have a tensorial 
strength. 

• partiality TA = Aj_(= A + {!_}) 

tA,s(a, -L) = -L and tA,B{o, b) = (a, b) (when b e B) 

• nondeterminism TA = Vfi n (A) 
t A ,B{a,c) = {<a, 6>|6 € c} 
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• side-effects TA = (A x S) S 

U,b(o,c) = (As: 5. (let (b,s') = c(s)m((a,b),s'))) 

• exceptions TA = (A + E) 

t/i,s(a, inr(e)) — inr(e) (when e E E) and 
tA,B(a,ml(b)) =inl((o,6» (when b <E B) 

• continuations 7M = R( rA ^ 
t A ,s(a,c) = (Afc: R Ax B .c(\b: B.k((a, &)))) 

• interactive input T.A = (fi'y.A + j u ) 

tA b(Oj c) is the tree obtained by replacing leaves of c labelled by 6 with the leaf labelled by 

(a, 6) ' 

• interactive output Tj4 = (fi'y.A + (U x 7)) 
U,b(o, (s,&)) = (s, (a,b)}. 

Remark 3.6 The tensorial strength t induces a natural transformation tpA,B from TA x TB to 
T(A x B), namely 

1pA,B — CTA,TB]^TB,A] (ctB,A] ^A,b)* 

where c is the natural isomorphism ca,b- A x B ^> B x A. 

The morphism ipA,B has the correct domain and codomain to interpret the pairing of a com- 
putation of type A with one of type B, obtained by first evaluating the first argument and then 
the second, namely 

a:TA,c 2 :TB (let x<=c\ in (let y<=C2 in [(a;, y)])): T{A x B) 

There is also a dual notion of pairing, ipA,B — cta,tb',iPb,a',Tcb,a (see [Koc72]), which amounts 
to first evaluating the second argument and then the first. 

3.1 Interpretation and formal system 

We are now in a position to give the metalanguage for algebraic terms, its interpretation and 
inference rules. 

Definition 3.7 (metalanguage) An interpretation [_] of the metalanguage in a category C with 
terminal object Ia-A — > 1, binary products irf^'^-.Ai x A 2 — > Ai and a strong monad (T, n, fj,,t) 
is parametric in an interpretation of the symbols in the signature and is defined by induction on 
the derivation of well-formedness for types (see Table 8), terms and equations (see Table 9). 

Finite products 7rf 1 ''"' An : A\ X . . . X A n — > Ai used to interpret contexts and variables are defined 
by induction on n: 

0 A t x . . . x A 0 = 1 

n + 1 At x . . . x A n+ t = (At x ... x A n ) x A n+1 

Ai,...,A n+ i _ <A 1 x...xA n ),A„ +1 
n n+l — n 2 

Ai,...,A n+ i _ (AiX...xA n ),A n+ i A 1 ,...,A n 
n i — n l ' n i 

The inference rules for the metalanguage (see Table 10) are divided into three groups: 

• general rules for many sorted equational logic 

• rules for finite products 

• rules for T 
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q V1\TT A Y 
O i IN 1 r\ A 


C1TTA/T A ATTTPC; 
DIl/lVlillN llUu 


A 








\- m i A type 


= [A] 


T 


^mi t type 


= c 




\- ml Tt type 


= Tc 


1 








h mi 1 type 


= 1 


X 


l-mi n type 
l~m« T2 type 


= Ci 

= c 2 




l"mi n x t 2 type 


= ci x c 2 


0 


T"i type (1 < i < n) 


= Ci 




1 ■ Tl , . . . , X n . T n h~ 


= a x . . . x c„ 



Table 8: Interpretation of types in the Metalanguage 



Proposition 3.8 Every theory T o/ t/ie metalanguage, viewed as a category T{T), is equipped 
with finite products and a strong monad whose tensorial strength is 

tn,T 2 = [x:ti x Tr 2 \- m i (lct T x 2 ^tt 2 x m[(TTix, x 2 )]t)- T(n x r 2 )] r 

Proof Similar to that of Proposition 2.5 I 

Once we have a metalanguage for algebraic terms it is straightforward to add data-types charac- 
terised by universal properties and extend the categorical semantics accordingly 5 . For instance, if 
we want to have function spaces, then we simply require the category C (where the metalanguage 
is interpreted) to have exponentials B A and add the inference rules for the simply typed A-calculus 
(see Table 11) to those for the metalanguage. From a programming language perspective the situ- 
ation is more delicate. For instance, the semantics of functional types should reflect the choice of 
calling mechanism 6 : 

• in call-by- value a procedure of type A — > B expects a value of type A and computes a result 
of type B, so the interpretation of A — > B is (TB) A ; 

• in call-by-name a procedure of type A — > B expects a computation of type A, which is 
evaluated only when needed, and computes a result of type B, so the interpretation of 
A—>Bis (TB) TA . 

In both cases the only exponentials needed to interpret the functional types of a programming 
language are of the form (TB) . By analogy with partial cartesian closed categories (pccc), where 
only p- exponentials are required to exists (see [Mog86, Ros86]), we adopt the following definition 
of Ac-model: 



5 The next difficult step in extending the metalanguage is the combination of dependent types and computations, 
which is currently under investigation. 

6 call-by-need does not have a simple categorical semantics, since the environment in which an expression is 
evaluated may itself undergo evaluation. 
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RULE 


SYNTAX 




SEMANTICS 


var; 


\~mi n type (1 < i < n) 


= 


Cl 








Cl,...,C„ 

i 


* 










Th *:1 


= 


! ir] 


0 


r h ei:n 
r h e 2 : r 2 


= 


5i 




T h (ei,e 2 ):ri x r 2 




(51,52) 


7Ti 


T h e: n x r 2 


= 


5 




rh 7Tj(e):Ti 






f : Ti — > r 2 


T l- m ; ei: Ti 




5 




rh mi f( ei ):r 2 




5;[f] 


[-]t 


T \- m i e: t 


= 


5 




rUi [e\ T :Tr 




55 »7[t] 


let 


T h m; ei:Tn 
T,x:ri h m ; e 2 :Tr 2 




5i 
52 




T l-mi (lct T a; <=ei in e 2 ):Tr 2 




(id[r],5i);t[r],[n];5 2 


eq 


r l- m ; ei:r 
T l- m ; e 2 :r 




5i 
52 




T \- m i ei = T e 2 




5i = 52 



Table 9: Interpretation of terms in the Metalanguage 
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rhe:r 

refl — 

r h e = T e 

r h ei = T e 2 

symm — 

1 h e 2 = T ei 

T h ei = r e 2 r h e 2 = T e 3 
r h e 2 = T e 3 
T h ei = Tl e 2 

congr rhf (ei) =.f(e 2 ) f:Tl ^ T2 

r h e: r r, X'. t \~ d) 
subst — 



trans 



T h [e/x]0 

Inference Rules of Many Sorted Equational Logic 

i.t] r h * =1 x 

T h ei = Tl ei r h e 2 = r , e' 2 



04 

x./3 

X.f] 

l-U 

ass 
T./3 
T.»j 



r h (ei,e 2 ) =nxr 2 (ei,e 2 ) 
r h ei: Ti T h e 2 : t 2 
T h 7ri((ei,e 2 }) = Tj e, 

T h e: ri x r 2 
T h (7ri(e),7r 2 (e)) = ri XT 2 e 

rwZes /or product types 

r l~ m i ei = T e 2 
T l- m ; [ei] T =Tt Mt 

r l~mi ei =Tn e 2 T,x:ti h m ; =r T2 e' 2 
rh m ; (lctTaj-^eiinei) =tt 2 (lcty x^e 2 in e 2 ) 

rr- m ;ei:TTi r,xi:Ti h m ; e 2 :Tr 2 T, x 2 : r 2 h m ; e 3 : Tr 3 

T l- TO ; (letr x 2 <=(letT xi<=ei in e 2 ) in e 3 ) =t T3 (letr Xi<=ei in (letr a; 2 <J=e 2 in e 3 )) 

rh m ;ei:Ti r, xi: n h m ; e 2 : Tr 2 
T h mi (let T a;i<J=[ei]Tine 2 ) = T r 2 [ei/xi]e 2 

r h m ; ei: Tn 

T h mi (let T xi<=ei in [xi] T ) = Tri e 1 

Table 10: Inference Rules of the Metalanguage 



r i G\ ~~ ti r i c — — ;j 

T h eei = T2 e'e'j 



T,x:t! h ei = T2 e 2 



rh (Ax:ri.ei) = Tl ^ T2 (Ax:ri.e 2 ) 

rheiiTi T, x: ri h e 2 : r 2 
r h (Ax:ri.e 2 )ei = r2 [ei/x]e 2 



r ^r e:ri r T2 — **w 

1 h (AxiTi.ex) = Tl ^ T2 e 



Table 11: rules for function spaces 
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Definition 3.9 A A c -model is a category C with finite products, a strong monad (T, r], /x,t) satis- 
fying the mono requirement (i.e. t\a mono for every A G C) and T-exponential (TB) A for every 
A,BeC. 

Remark 3.10 The definition of A c -model generalises that of pece, in the sense that every pece 
can be viewed as a A c -model. By analogy with p-exponentials, a T-exponential can be defined by 
giving an isomorphism C T (C x A,B) = C(C, (TB) ) natural in C E C. We refer to [Mog89c] for 
the interpretation of a call-by-valuc programming language in a A c -modcl and the corresponding 
formal system, the A c -calculus. 

4 Strong monads over a topos 

In this section we show that, as far as monads or strong monads are concerned, we can assume 
w.l.o.g. that they are over a topos (see Theorem 4.9). The proof of Theorem 4.9 involves non- 
elementary notions from Category Theory, and we postpone it after discussing some applications, 
with particular emphasis on further extensions of the metalanguage and on conservative extension 
results. 

Let us take as formal system for toposes the type theory described in [LS86], this is a many 
sorted intuitionistic higher order logic with equality and with a set of types satisfying the following 
closure properties 7 : 

• the terminal object 1 , the natural number object N and the subobject classifier f2 are types 

• if A is a type, then the power object PA is a type 

• if A and B are types, then the binary product A x B and the function space A — > B are 
types 

• if A is a type and <j): A — > f2 is a predicate, then {x G is a type. 
Notation 4.1 We introduce some notational conventions for formal systems: 

• MLt is the metalanguage for algebraic terms, whose set of types is closed under terminal 
object, binary products and TA; 

• AMLt is the extension of MLt with function spaces A — > B (interpreted as exponentials); 

• HMLt is the type theory described above (see [LS86]) extended with objects of computations 
TA; 

• PL is the programming language for algebraic terms (see [Mog89c]); 

• A c PL is the extension of PL with function spaces A — ^ B (interpreted as T-exponentials) , 
called A c -calculus in [Mog89c]. 

Definition 4.2 We say that a formal system ^2^2), where I-2C V(L2) x L2 is a formal conse- 
quence relation 8 over L 2 , is a conservative extension of (Li,hi) provided L\ C L 2 and hi is 
the restriction o/h 2 to V(Li) x L\. 

Theorem 4.3 HMLy is a conservative extension of MLt and AMLt- In particular AMLy is a 
conservative extension of MLt- 



7 Lambek and Scott do not require closure under function spaces and subsets {x g A\</>(x)}. 

8 For instance, in the case of MLy the elements of L are well-formed equality judgements V h m ; ei = T ei and 
P h C iff there exists a derivation of C, where all assumptions are in P. 
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Proof The first result follows from Theorem 4.9, which implies that for every model C of ML^ 
the Yoneda embedding maps the interpretation of an ML^-term in C to its interpretation in C, 
and the faithfulness of the Yoneda embedding, which implies that two ML^-terms have the same 
interpretation in C iff they have the same interpretation in C. The second result follows, because 
the Yoneda embedding preserves function spaces. The third conservative extension result follows 
immediately from the first two. I 

The above result means that we can think of computations naively in terms of sets and func- 
tions, provided we treat them intuitionistically, and can use the full apparatus of higher-order 
(intuitionistic) logic instead of the less expressive many sorted equational logic. 

Before giving a conservative extension result for the programming language, we have to express 
the mono requirement, equivalence and existence in HMLt- The idea is to extend the translation 
from PL-terms to MLp-terms given in Definition 2.7 and exploit the increased expressiveness of 
HMLt over MLx to axiomatise the mono requirement and translate existence and equivalence 
assertions (see Remark 2.1): 

• the mono requirement for r, i.e. r\ T is mono, is axiomatised by 

mono.T (Vx,y: t.[x] t =Tt [v]t —> x = T y) 

• the equalising requirement for r, i.e. i] T is the equaliser of T{rj T ) and i]t t , is axiomatised 
by (mono.T) and the axiom 

cqls.T (Vx:Tt.[x] t = T 2 t (lct T y-<=xm [[j/]t]t) —> (3!y: t.x = Tt [y] T )) 

• the translation _° is extended to assertions and functional types as follows: 

- (ei = T e 2 ) = ei = T r e 2 ° 

- ( ei l T )° = (31x:T. ei ° = Tt [x] T ) 

- (n ^ r 2 )° = n ° -> Tr 2 ° 

Theorem 4.4 HMLt + { (mono.T) | r type o/PL} (i.e. r is built using only base types, I, TA, and 
AxB) is a conservative extension o/PL (after translation) . Similarly, HMLt+{ (mono.T) | r type of X c 
(i.e. t is built using only base types, 1, TA, AxB and A — > B) is a conservative extension of 
A C PL (after translation). 

Proof The proof proceeds as in the previous theorem. The only additional step is to show that for 
every type t of PL (or A C PL) the axiom (mono.T) holds in C, under the assumption that C satisfies 
the mono requirement. Let c be the interpretation of t in C (therefore Yc is the interpretation of 
t in C), then the axiom (mono.T) holds in C provided fjy c is a mono. rj c is mono (by the mono 
requirement), so f/Yc = Y(?7 C ) is mono (as Y preserves monos). I 

In the theorem above only types from the programming language have to satisfy the mono require- 
ment. Indeed, HMLt + {(mono.T) | r type of HMLt} is not a conservative extension of PL (or 
A C PL). 

Lemma 4.5 If(T, rj, /i) is a monad over a topos C satisfying the mono requirement, then it satisfies 
also the equalising requirement. 

Proof See Lemma 6 on page 110 of [BW85]. I 

In other words, for any type r the axiom (eqls.T) is derivable in HMLy- from the set of axioms 
{(mono.T) | t type of HMLt}- In general, when C is not a topos, the mono requirement does not 
entail the equalising requirement; one can easily define strong monads (over an Heyting algebra) 
that satisfy the mono but not the equalising requirement (just take T(A) = AV B, for some 
element B ^ 1 of the Heyting algebra). In terms of formal consequence relation this means 
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that in HMLy + mono requirement the existence assertion T \- p i e [ T is derivable from T \- p i 
[e] =tt (let x<=ein [x]), while such derivation is not possible in A C PL. We do not know whether 
HMLt- + equalising requirement is a conservative extension of PL + equalising requirement, or 
whether A C PL is a conservative extension of PL. 

A language which combines computations and higher order logic, like HMLt, seems to be the 
ideal framework for program logics that go beyond proving equivalence of programs, like Hoare's 
logic for partial correctness of imperative languages. In HMLt (as well as MLt and PL) one can 
describe a programming language by introducing additional constant and axioms. In AMLt or 
A C PL such constants correspond to program-constructors, for instance: 

• lookup: L — > TU, which given a location I £ L produces the value of such location in the 
current store, and update: LxU —* Tl, which changes the current store by assigning to I e L 
the value u e U; 

• if: Bool x TA x TA — > TA and while: T(Bool) x Tl -» Tl; 

• new: 1 — ► TL, which returns a newly created location; 

• read: 1 — > TU, which computes a value by reading it from the input, and write: U —* Tl, 
which writes a value u£[/on the output. 



In HMLt one can describe also a program logic, by adding constants p: TA 
properties of computations. 



Q corresponding to 



Example 4.6 Let T be the monad for non-deterministic computations (see Example 1.4), then we 
can define a predicate may: A x TA — ► f2 such that may(a, c) is true iff the value a is a possible 
outcome of the computation c (i.e. a e c). However, there is a more uniform way of defining the 
may predicate for any type. Let O-.TQ — > O be the predicate such that O(X) = T iff T g X, 
where ft is the set {-L,T} (note that 0(_) = may(T , _)). Then, may(a,c) can be defined as 
0(lctT a^cin [a — T x]t)- 

The previous example suggests that predicates defined uniformly on computations of any type 
can be better described in terms of modal operators 7: TCI — > f2, relating a computation of truth 
values to a truth value. This possibility has not been investigated in depth, so we will give only a 
tentative definition. 

Definition 4.7 If(T,r],fj,) is a monad over a topos C, then a T-modal operator is a T -algebra 
7: TO -> Q, i.e. 

T 2 fi > TO < 



TO 




7 



where is t/ie subobject classifier in C. 

The commutativity of the two diagrams above can be expressed in the metalanguage: 

• i:(lh 7([x]t) < — ► a; 

• c: T 2 fi h 7 (let x<=c in x) < > 7(lct .T^cin [7(x)]t) 

We consider some examples and non-examples of modal operators. 

Example 4.8 For the monad T of non-deterministic computations (see Example 1.4) there are 
only two modal operators □ and O: 



D(X) = lllel; 



24 



• O(X) = T iff T e x. 



Given a nondctcrministic computation e of type r and a predicate A(x) over r, i.e. a term of type 
fi, then D(letT x<=ein [A(x)]t) is true iff all possible results of e satisfy A(x). 

For the monad T of computations with side-effects (see Example 1.4) there is an operator 
□ : (f2 x S) — > f2 that can be used to express Hoare's triples: 

• □/ = T iff for all sE S there exists s'eS s.t. fs = (T, s'} 

this operator does not satisfy the second equivalence, as only one direction is valid, namely 
c:T 2 fl h 7(letx-4=cin [7(0;)] r) — » 7(let x<=cinx) 

Let P:U^il and Q:U x U — > f2 be predicates over storable values, e € Tl a computation of type 
1 and x,y £ L locations. The intended meaning of the triple {P(x)}e{Q(x, y)} is "if in the initial 
state the content u of x satisfies P(u), then in the final state (i.e. after executing e) the content 
v of y satisfies Q(u, v) n . This intended meaning can be expressed formally in terms of the modal 
operator □ and the program-constructors lookup and update as follows: 

Vw: U.P(u) — > D(letT v^(update{x, u); e; lookup(y)) in [Q(w, v)]t) 

where _; _: TA x T_B — ► TB is the derived operation e\\ e-i = (letr x<=ei in e 2 ) with x not free in e2- 

Finally, we state the main theorem and outline its proof. In doing so we assume that the reader 
is familiar with non-clcmcntary concepts from Category Theory 

Theorem 4.9 Let C be a small category, C the topos of presheaves over C and Y the Yoneda 
embedding of C into C. Then for every monad (T,T],(J,) overC, there exists a monad (T,fj,p,) over 
C such that the following diagram commutes 9 




and for all a E C the following equations hold 

VYa = Y(Va) , AYa = Y(/Lt a ) 

Moreover, for every strong monad (T, r], ji, t) overC, there exists a natural transformation t such 
that (T, fj, fi, t) is a strong monad over C and for all a,b <E C the following equation holds 

tYa,Yb = Y(t 0j b) 

where we have implicitly assume that the Yoneda embedding preserves finite products on the nose, 
i.e. the following diagrams commute 

1 x 
1 > C < CxC 




C <- 



Y x Y 
CxC 



9 This is a simplifying assumption. For our purposes it would be enough to have a natural isomorphism a:T;Y ^+ 
Y; T, but then the remaining equations have to be patched. For instance, the equation relating r\ and r) would become 
nva = Y(?? a ); a a . 
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and for all a,b € C. the following equations hold 

! Y a = Y(! a ) , ^ Yb = Y«' & ) 

Definition 4.10 ([Mac71]) Let T:C — > V be a functor between two small categories and A a 
cocomplete category. Then, the left Kan extension L^:A C — > A v is the left adjoint of A T and 
can be defined as follows: 

L^)(d) = Colim^ d (7r;F) 

where F:C — > A , d eP, T J. d is the comma category whose objects are pairs (c G C, f: Tc^> d) , 
it: T I d — > C is the projection functor (mapping a pair (c, /) to c) and Colinij : A 1 — > A (with I 
small category) is a functor mapping an I -diagram in A to its colimit. 

The following proposition is a 2-categorical reformulation of Theorem 1.3.10 of [MR77]. For the 
sake of simplicity, we use the strict notions of 2-functor and 2-natural transformation, although we 
should have used pseudo- functors and pseudo-natural transformations. 

Proposition 4.11 Let Cat be the 2-category of small categories, CAT the 2-category of locally 
small categories and _: Cat — ► CAT the inclusion 2-functor. Then, the following 2: Cat — ► CAT 
is a 2-functor 

nop 

• if C is a small category, then C is the topos of presheaves Set 



• if T:C —* V is a functor, then T is the left Kan extension Lf.?* 

• if o~. S T: C — > V is a natural transformation and F e C, then bp is the natural transfor- 
mation corresponding to idf F via the following sequence of steps 

C{F, T op ; TF) i V(TF, TF) 

C(F,a°P;TF) 
V 

C(F,S op ;TF) i—^ V(SF,TF) 
Moreover, Y: _ 1 is a 2-natural transformation. 

Since monads are a 2-categorical concept (see [Str72]), the 2-functor 2 maps monads in Cat to 
monads in CAT. Then, the statement of Theorem 4.9 about lifting of monads follows immediately 
from Proposition 4.11. It remains to define the lifting t of a tensorial strength t for a monad (T, 77, /1) 
over a small category C. 

Proposition 4.12 If C is a small category with finite products and T is an endofunctor over 
C, then for every natural transformation t a fi'-0- x Tb — > T(a x b) there exists a unique natural 
transformation i FyG : F x TG — > f(F x G) s.t. t Ya ,Yb = Y(t 0i &) for all a,b eC. 

Proof Every F e C is isomorphic to the colimit Colimy 1 F (7r; Y) (shortly ColirmYi), where Y is 
the Yoneda embedding of C into C. Similarly G is isomorphic to Colim -Yj. Both functors (_ x T_) 
and T(_ x _) from C x C to C preserves colimits (as T and _ x F arc left adjoints) and commute 
with the Yoneda embedding (as Y(a x b) = Ya x Yb and f(Ya) = Y {To)). Therefore, F x TG and 
T(F x G) are isomorphic to the colimits Colim^ -Yi x T(Yj) and Colim i jT(Yi x Yj) respectively. 
Let t be the natural transformation we are looking for, then 

Y(t w ) „ 
Yi x T(Yj) > T(Yi x Yj) 



fxTg 



f(f x g) 



F x T(G) > T(F x G) 



2G 



for all f:Yi — > F and g: Yj — > g (by naturality of t and iyi,Yj = Y(ti i-7 -)). But there exists exactly 
one morphism tF,G making the diagram above commute, as (tij\i,j) is a morphism between 
diagrams in C of the same shape, and these diagrams have colimit cones (/ x Tg\f,g) and (T(f x 
g)\f,g) respectively. I 

Remark 4.13 If T is a monad of partial computations, i.e. it is induced by a dominion A4 on C 
s.t. P(C,A4)(a,b) = C(a,Tb), then the lifting T is the monad of partial computations induced by 
the dominion M. on C, obtained by lifting M. to the topos of prcshcaves, as described in [Ros86]. 
For other monads, however, the lifting is not the expected one. For instance, if T is the monad 

S A Y S 

of side-effects (.xS) , then T is not (in general) the endofunctor (_ x YS) on the topos of 
presheaves. 

Conclusions and further research 

The main contribution of this paper is the category-theoretic semantics of computations and the 
general principle for extending it to more complex languages (see Remark 3.3 and Section 4), while 
the formal systems presented are a straightforward fallout, easy to understand and relate to other 
calculi. 

Our work is just an example of what can be achieved in the study of programming languages 
by using a category-theoretic methodology, which avoids irrelevant syntactic detail and focus in- 
stead on the important structures underlying programming languages. We believe that there is a 
great potential to be exploited here. Indeed, in [Mog89b] we give a categorical account of phase 
distinction and program modules, that could lead to the introduction of higher order modules in 
programming languages like ADA or ML (see [HMM90]), while in [Mog89a] we propose a "modular 
approach" to Denotational Semantics based on the idea of monad-constructor (i.e. an endofunctor 
on the category of monads over a category C). 

The metalanguage open also the possibility to develop a new Logic of Computable Functions 
(see [Sco69]), based on an abstract semantic of computations rather than domain theory, for 
studying axiomatically different notions of computation and their relations. Some recent work by 
Crolc and Pitts (see [CP90]) has consider an extension of the metalanguage equipped with a logic 
for inductive predicates, which goes beyond equational reasoning. A more ambitious goal would 
be to try exploiting the capabilities offered by higher-order logic in order to give a uniform account 
of various program logics, based on the idea of "T-modal operator" (see Definition 4.7). 

The semantics of computations corroborates the view that (constructive) proofs and programs 
are rather unrelated, although both of them can be understood in terms of functions. Indeed, 
monads (and comonads) used to model logical modalities, e.g. possibility and necessity in modal 
logic or why not and of course of linear logic, usually do not have a tensorial strength. In general, 
one should expect types suggested by logic to provide a more fine-grained type system without 
changing the nature of computations. 

We have identified monads as important to model notions of computations, but computational 
monads seem to have additional properties, e.g. they have a tensorial stregth and may satisfy the 
mono requirement. It is likely that there are other properties of computational monads still to be 
identified, and there is no reason to believe that such properties have to be found in the literature 
on monads. 
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